Amendments to the Claims

Claim 1 (currently amended): A method of improving security policy administration and enforcement [[using a role-permission model]] in a security system that controls access using security objects, comprising steps of:
associating each of a plurality of roles with one of the security objects, each of the security objects specifying at least one resource and for each resource, at least one action to be permitted on the resource; and
controlling access, by a plurality of subjects, to the actions on the resources using the security objects, wherein each of the subjects has been granted at least one of the roles.
[[identifying one or more groups of permitted actions on selected resources;
assigning a name to each identified group; and
associating subjects with each assigned name.]]

Claim 2 (canceled) 

Claim 3 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are]] is an executable [[methods]] method.



Claim 4 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are columns]] is a column of a database table.

Claim 5 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are rows]] is a row of a database table.

Serial No. 09/943,618 -2- RSW920010125US1

Claim 6 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are files]] is a file and the permitted actions on the at least one resource are file access operations.

Claim 7 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are]] is a function [[calls]] call to [[functions]] a function of [[one or more]] an executable [[programs]] program.

Claim 8 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are]] is an Enterprise JavaBean ("EJB") [[JavaBeans ("EJBs")]] and the permitted actions on the at least one resource are methods on the [[EJBs]] EJB.

Claim 9 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are servlets]] is a servlet and the permitted actions on the at least one resource are methods of the [[servlets]] servlet.

Claim 10 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are]] is a Uniform Resource Identifier ("URI") [[Identifiers ("URIs")]] and the permitted actions on the at least one resource are methods which reference the [[URIs]] URI.
Claim 11 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are]] is a JavaServer Page ("JSP") [[Pages ("JSPs")]] and the permitted actions on the at least one resource are methods referenced from the [[JSPs]] JSP.

Claim 12 (currently amended): The method according to Claim 1, wherein at least one of the selected resources [[are]] is any resource that is expressible to the security system and the permitted actions on the at least one resource are selected from a set of actions that are permitted on [[those resources]] that resource.

Claim 13 (currently amended): The method according to Claim 1, wherein the controlling step further [[comprising]] comprises the steps of:
receiving, from a particular one of the subjects, [[a]] an access request for access to a particular one of the actions on a particular one of the selected resources; and
permitting the requested access only if the security object created for at least one of the roles granted to the particular subject specifies the particular action on the particular resource.
[[determining one or more roles which are required for accessing the particular resource;
determining an identity of a source of the access request;
for each of the required roles, until obtaining a successful result or exhausting the required roles, determining whether the identity of the source is associated with the required role; and
authorizing access to the particular resource only if the successful result was obtained.]]
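The enforcement model recited in amended Claims 1 and 13 (a security object lists resources and the actions permitted on each; each role is bound to one security object; subjects hold roles; a request is permitted only if a security object of one of the requester's roles specifies the requested action on the requested resource), as an added Python example. This is not code from the application or its applicant; the class names, the resource-naming scheme and the sample policy are assumptions made for illustration, and the sample resources are chosen to cover the kinds named in Claims 4, 6, 8 and 10.

```python
"""Added illustration of the role/security-object model in Claims 1 and 13.
Names, resource identifiers and the sample policy are constructed for the
example and are not taken from the patent application."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityObject:
    """Claim 1: at least one resource and, for each resource, at least one
    permitted action.  The mapping is resource -> frozenset of action names."""
    name: str
    permissions: dict

    def permits(self, action: str, resource: str) -> bool:
        return action in self.permissions.get(resource, frozenset())


class Policy:
    """Roles bound to security objects; subjects granted roles."""

    def __init__(self) -> None:
        self._role_to_object: dict = {}   # role -> SecurityObject (one per role)
        self._subject_roles: dict = {}    # subject -> set of role names

    def associate_role(self, role: str, obj: SecurityObject) -> None:
        """Associate a role with exactly one security object (claim 1);
        re-associating replaces the earlier binding."""
        self._role_to_object[role] = obj

    def grant_role(self, subject: str, role: str) -> None:
        """Grant a role to a subject; refuse roles with no security object so a
        dangling role can never silently widen or narrow access later."""
        if role not in self._role_to_object:
            raise KeyError(f"role {role!r} has no security object")
        self._subject_roles.setdefault(subject, set()).add(role)

    def check(self, subject: str, action: str, resource: str) -> bool:
        """Claim 13: permit only if the security object of at least one of the
        subject's roles specifies this action on this resource.  Unknown
        subjects, unknown resources and unlisted actions all deny."""
        for role in self._subject_roles.get(subject, ()):
            obj = self._role_to_object.get(role)
            if obj is not None and obj.permits(action, resource):
                return True
        return False


def build_example_policy() -> Policy:
    """Constructed sample: a database column (claim 4), a URI (claim 10),
    a file (claim 6) and an EJB method (claim 8) as resources."""
    payroll_view = SecurityObject("payroll-view", {
        "db:employees.salary": frozenset({"SELECT"}),
        "uri:/payroll/report": frozenset({"GET"}),
    })
    ops_logs = SecurityObject("ops-logs", {
        "file:/var/log/app.log": frozenset({"read"}),
        "ejb:AccountBean": frozenset({"getBalance"}),
    })
    policy = Policy()
    policy.associate_role("payroll_clerk", payroll_view)
    policy.associate_role("operator", ops_logs)
    policy.grant_role("alice", "payroll_clerk")
    policy.grant_role("alice", "operator")      # a subject may hold several roles
    policy.grant_role("bob", "operator")
    return policy


if __name__ == "__main__":
    p = build_example_policy()
    for subj, act, res in [("alice", "SELECT", "db:employees.salary"),
                           ("bob", "SELECT", "db:employees.salary"),
                           ("bob", "write", "file:/var/log/app.log"),
                           ("mallory", "read", "file:/var/log/app.log")]:
        print(f"{subj:8} {act:7} {res:24} -> {'permit' if p.check(subj, act, res) else 'deny'}")
```

The decision walks only the requester's own roles and their security objects, which is the amended formulation; the cancelled text instead started from the roles "required for" the resource and iterated until one matched the requester, a resource-centric lookup that the security object makes unnecessary. Default deny covers every case the claim leaves unspecified: a subject with no roles, an action the object does not list, or a resource no object mentions.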
Claim 14 (canceled)

Claim 15 (currently amended): A security system for improving security policy administration and enforcement using security objects [[in a computing network using a role-permission model]], comprising:
means for associating each of a plurality of roles with one of the security objects, each of the security objects specifying at least one resource and for each resource, at least one action to be permitted on the resource; and
means for controlling access, by a plurality of subjects, to the actions on the resources using the security objects, wherein each of the subjects has been granted at least one of the roles.
[[means for identifying one or more groups of permitted actions on selected resources;
means for assigning a name to each identified group; and
means for associating subjects with each assigned name.]]

Claim 16 (currently amended): The system according to Claim 15, further comprising:
means for receiving, from a particular one of the subjects, [[a]] an access request for access to a particular one of the actions on a particular one of the selected resources; and
means for permitting the requested access only if the security object created for at least one of the roles granted to the particular subject specifies the particular action on the particular resource.
[[means for determining one or more roles which are required for accessing the particular resource;
means for determining an identity of a source of the access request;
for each of the required roles, until obtaining a successful result or exhausting the required roles, means for determining whether the identity of the source is associated with the required role; and
means for authorizing access to the particular resource only if the successful result was obtained.]]

Claim 17 (currently amended): A computer program product for improving security policy administration and enforcement in a security system that controls access using security objects, [[in a computing network using a role-permission model,]] the computer program product embodied on one or more computer readable media and comprising:
computer readable program code means for associating each of a plurality of roles with one of the security objects, each of the security objects specifying at least one resource and for each resource, at least one action to be permitted on the resource; and
computer readable program code means for controlling access, by a plurality of subjects, to the actions on the resources using the security objects, wherein each of the subjects has been granted at least one of the roles.
[[computer readable program code means for identifying one or more groups of permitted actions on selected resources;
computer readable program code means for assigning a name to each identified group; and
computer readable program code means for associating subjects with each assigned name.]]
Claim 18 (currently amended): The computer program product according to Claim 17, further comprising:
computer readable program code means for receiving, from a particular one of the subjects, [[a]] an access request for access to a particular one of the actions on a particular one of the selected resources; and
computer readable program code means for permitting the requested access only if the security object created for at least one of the roles granted to the particular subject specifies the particular action on the particular resource.
[[computer readable program code means for determining one or more roles which are required for accessing the particular resource;
computer readable program code means for determining an identity of a source of the access request;
for each of the required roles, until obtaining a successful result or exhausting the required roles, computer readable program code means for determining whether the identity of the source is associated with the required role; and
computer readable program code means for authorizing access to the particular resource only if the successful result was obtained.]]